ffmpeg.git
11 months ago - avcodec/x86/mathops: clip constants used with shift instructions within inline assembly [release/3.4]
Rémi Denis-Courmont [Sun, 16 Jul 2023 15:18:02 +0000 (18:18 +0300)]
avcodec/x86/mathops: clip constants used with shift instructions within inline assembly

Fixes assembling with binutil as >= 2.41

Signed-off-by: James Almer <jamrial@gmail.com>
(cherry picked from commit effadce6c756247ea8bae32dc13bb3e6f464f0eb)

11 months ago - doc/Doxyfile: Fix typo [n3.4.14]
Michael Niedermayer [Wed, 12 Mar 2025 21:13:01 +0000 (22:13 +0100)]
doc/Doxyfile: Fix typo

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - Update for 3.4.14
Michael Niedermayer [Tue, 11 Mar 2025 19:10:05 +0000 (20:10 +0100)]
Update for 3.4.14

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - configure: update copyright year
Lynne [Wed, 1 Jan 2025 09:03:33 +0000 (18:03 +0900)]
configure: update copyright year

On 01/01/2025 19:05, Peter Ross wrote:
> FFmpeg turns 25 this year.

(cherry picked from commit d3aa99a4f436e89773246339d9d363587a1d21df)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avfilter/bwdif: account for chroma sub-sampling in min size calculation
Cosmin Stejerean [Wed, 6 Dec 2023 10:39:32 +0000 (18:39 +0800)]
avfilter/bwdif: account for chroma sub-sampling in min size calculation

The current logic for detecting frames that are too small for the
algorithm does not account for chroma sub-sampling, and so a sample
where the luma plane is large enough, but the chroma planes are not
will not be rejected. In that event, a heap overflow will occur.

This change adjusts the logic to consider the chroma planes and makes
the change to all three bwdif implementations.

Fixes #10688

Signed-off-by: Cosmin Stejerean <cosmin@cosmin.at>
Reviewed-by: Thomas Mundt <tmundt75@gmail.com>
Signed-off-by: Philip Langdale <philipl@overt.org>
(cherry picked from commit 737ede405b11a37fdd61d19cf25df296a0cb0b75)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/iff: Check that we have a stream in read_dst_frame()
Michael Niedermayer [Sun, 9 Feb 2025 00:28:17 +0000 (01:28 +0100)]
avformat/iff: Check that we have a stream in read_dst_frame()

Fixes: null pointer dereference
Fixes: 385644864/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4551049565765632

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8668957ef604bd2b99175310638bc5031ae0d991)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/mlvdec: fix size checks
Michael Niedermayer [Fri, 7 Feb 2025 01:33:21 +0000 (02:33 +0100)]
avformat/mlvdec: fix size checks

Fixes: heap-buffer-overflow
Fixes: 391962476/clusterfuzz-testcase-minimized-ffmpeg_dem_MLV_fuzzer-5746746587676672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 251d43aef0df9262f2688c1c848af993bbb67d08)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/h263dec: Check against previous dimensions instead of coded
Michael Niedermayer [Thu, 30 Jan 2025 01:28:32 +0000 (02:28 +0100)]
avcodec/h263dec: Check against previous dimensions instead of coded

Fixes: out of array access
Fixes: crash-a41ef3db699013f669b076f02f36942925f5a98c

Found-by: Kacper Michajlow <kasper93@gmail.com>
Reviewed-by: Kacper Michajlow <kasper93@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0fe33c99a26a06a6875c4abfb96362a65145264b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/mxfdec: Check avio_read() success in mxf_decrypt_triplet()
Michael Niedermayer [Mon, 23 Sep 2024 18:05:37 +0000 (20:05 +0200)]
avformat/mxfdec: Check avio_read() success in mxf_decrypt_triplet()

Fixes: Use of uninitialized memory
Fixes: 71444/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5448597561212928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6ecc96f4d08d74b0590ab03f39f93f386910c4c0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/huffyuvdec: Initialize whole output for decode_gray_bitstream()
Michael Niedermayer [Sat, 30 Nov 2024 00:48:22 +0000 (01:48 +0100)]
avcodec/huffyuvdec: Initialize whole output for decode_gray_bitstream()

Fixes: use of uninitialized memory
Fixes: 375286238/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HYMT_fuzzer-6352546854141952

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ef71552cf970876085d99834abdb8e429aea9730)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/ipmovie: Check signature_buffer read
Michael Niedermayer [Thu, 26 Dec 2024 02:07:51 +0000 (03:07 +0100)]
avformat/ipmovie: Check signature_buffer read

Fixes: use of uninitialized data
Fixes: 385167047/clusterfuzz-testcase-minimized-ffmpeg_dem_IPMOVIE_fuzzer-5941477505564672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 788abe0d253b2034af15876d7889265d4746df2b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/wtvdec: Initialize buf
Michael Niedermayer [Thu, 26 Dec 2024 01:53:45 +0000 (02:53 +0100)]
avformat/wtvdec: Initialize buf

ff_parse_mpeg2_descriptor() reads over what is initialized
Fixes: use of uninitialized memory
Fixes: 383825645/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5144130618982400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 17b019c517af26c6d2f0c6266938c60d36db1fa3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/vqf: Propagate errors from add_metadata()
Michael Niedermayer [Tue, 31 Dec 2024 03:13:25 +0000 (04:13 +0100)]
avformat/vqf: Propagate errors from add_metadata()

Suggested-by: Marton Balint <cus@passwd.hu>
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 49fa3f6c5ba6d43cc4b3ade4f8d9dc2fdbc71f0a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/vqf: Check avio_read() in add_metadata()
Michael Niedermayer [Thu, 26 Dec 2024 00:46:49 +0000 (01:46 +0100)]
avformat/vqf: Check avio_read() in add_metadata()

Fixes: use of uninitialized data
Fixes: 383825642/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5380168801124352

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c43dbecbdad152a91eadc7538b545852eee562ae)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avutil/avstring: don't mess with NULL pointers in av_match_list()
Michael Niedermayer [Wed, 15 Jan 2025 02:30:21 +0000 (03:30 +0100)]
avutil/avstring: don't mess with NULL pointers in av_match_list()

Fixes: applying zero offset to null pointer

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c6c54943d161812b3c4034116cb14f3f5c05dc43)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/mpegvideo_enc: Check FLV1 resolution limits
Michael Niedermayer [Wed, 8 Jan 2025 01:59:28 +0000 (02:59 +0100)]
avcodec/mpegvideo_enc: Check FLV1 resolution limits

Found-by: Elias Myllymäki <elias.myllymaki04p@gmail.com>
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 827c073154f4cc17d1bd3777dff3b58370210bcb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/ffv1enc: Fix handling of 32bit unsigned symbols
Michael Niedermayer [Thu, 9 Jan 2025 20:35:06 +0000 (21:35 +0100)]
avcodec/ffv1enc: Fix handling of 32bit unsigned symbols

This may be needed for floats

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Alexander Strasser <eclipse7@gmx.net>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 402824e9e99461f1c9e74a6730ced40894669560)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/vc1dec: Clear block_index in vc1_decode_reset()
Michael Niedermayer [Sun, 1 Dec 2024 22:30:55 +0000 (23:30 +0100)]
avcodec/vc1dec: Clear block_index in vc1_decode_reset()

Fixes: 377965565/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1_fuzzer-4504434689769472
Fixes: out of array access

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 251de1791e645f16e80b09d82999d4a5e24b1ad1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/aacsbr_template: Clear n_q on error
Michael Niedermayer [Sun, 1 Dec 2024 21:27:18 +0000 (22:27 +0100)]
avcodec/aacsbr_template: Clear n_q on error

Fixes: index 5 out of bounds for type 'uint8_t [5]'
Fixes: 377748135/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-5167109774049280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3f029bfb7f9ca1c73fecb8d0eacf3c4e0550f771)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - swscale/output: Fix undefined overflow in yuv2rgba64_full_X_c_template()
Michael Niedermayer [Sun, 1 Dec 2024 02:25:09 +0000 (03:25 +0100)]
swscale/output: Fix undefined overflow in yuv2rgba64_full_X_c_template()

Fixes: signed integer overflow: -1082982400 + -1195645138 cannot be represented in type 'int'
Fixes: 376136843/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-4791844321427456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 56faee21c136942c491f30a2e82cfbbfce180beb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avfilter/af_pan: Fix sscanf() use
Michael Niedermayer [Mon, 6 Jan 2025 21:01:39 +0000 (22:01 +0100)]
avfilter/af_pan: Fix sscanf() use

Fixes: Memory Data Leak

Found-by: Simcha Kosman <simcha.kosman@cyberark.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b5b6391d64807578ab872dc58fb8aa621dcfc38a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/rmdec: check that buf is completely filled
Michael Niedermayer [Fri, 16 Aug 2024 12:47:42 +0000 (14:47 +0200)]
avformat/rmdec: check that buf is completely filled

Fixes: use of uninitialized value
Fixes: 70988/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5298245077630976

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9578c135d00dd9cc01491b8559d7fad5a387e90d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/mxfdec: Check that key was read successfully
Michael Niedermayer [Sun, 11 Aug 2024 20:53:47 +0000 (22:53 +0200)]
avformat/mxfdec: Check that key was read successfully

Fixes: use of uninitialized value
Fixes: 70932/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-4870202133643264

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4c62cbcae2612acbc7ab5e8a7e7815674a6e8df4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/rpl: Fix check for negative values
Michael Niedermayer [Mon, 18 Nov 2024 03:09:11 +0000 (04:09 +0100)]
avformat/rpl: Fix check for negative values

Fixes: signed integer overflow: 10 * -1923267925333400000 cannot be represented in type 'int64_t' (aka 'long')
Fixes: 378891963/clusterfuzz-testcase-minimized-fuzzer_loadfile_direct-5714338935013376
Found-by: ossfuzz
Reported-by: Kacper Michajlow <kasper93@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit eab65379bf89c55d8ec4bc6f00e04f15b37d3d85)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/mlvdec: Check avio_read()
Michael Niedermayer [Wed, 25 Dec 2024 04:13:02 +0000 (05:13 +0100)]
avformat/mlvdec: Check avio_read()

Fixes: use-of-uninitialized-value
Fixes: 383170476/clusterfuzz-testcase-minimized-ffmpeg_dem_MLV_fuzzer-4696002884337664

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bb85423142103d694d97bad1967bd3dc55440e71)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/utils: Fix block align overflow for ADPCM_IMA_WAV
Michael Niedermayer [Wed, 11 Dec 2024 21:37:07 +0000 (22:37 +0100)]
avcodec/utils: Fix block align overflow for ADPCM_IMA_WAV

Fixes: signed integer overflow: 529008646 * 8 cannot be represented in type 'int'
Fixes: 383379145/clusterfuzz-testcase-minimized-ffmpeg_dem_CAF_fuzzer-6674045107503104

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93270930798da368d5b1954a73ef7ff9dfa48f73)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/matroskadec: Check pre_ns for overflow
Michael Niedermayer [Wed, 11 Dec 2024 20:36:11 +0000 (21:36 +0100)]
avformat/matroskadec: Check pre_ns for overflow

Fixes: signed integer overflow: -3483479120376300096 - 7442323944145700864 cannot be represented in type 'long'
Fixes: 383187489/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4561470580391936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 361d24e6d920e4f7e4e5fa1fd6fbb6922bff35f2)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/webp: Check ref_x/y
Michael Niedermayer [Fri, 16 Aug 2024 14:00:01 +0000 (16:00 +0200)]
avcodec/webp: Check ref_x/y

Fixes: 70991/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WEBP_fuzzer-5544067620995072
Fixes: use of uninitialized value

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7c1e732ad2e240af5afe9ffea443c91bb233aa65)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/dxa: check bpc
Michael Niedermayer [Fri, 18 Oct 2024 23:15:53 +0000 (01:15 +0200)]
avformat/dxa: check bpc

Fixes: integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 373971762/clusterfuzz-testcase-minimized-ffmpeg_dem_DXA_fuzzer-4880491112103936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7e020f21413269418180eea7933a94ecb6bf2ef8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - swscale/slice: clear allocated memory in alloc_lines()
Michael Niedermayer [Fri, 18 Oct 2024 22:08:03 +0000 (00:08 +0200)]
swscale/slice: clear allocated memory in alloc_lines()

Fixes: use of uninitialized memory in hScale16To15_c()
Fixes: 373924007/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-5841199968092160

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit aeec39f3c1be82863efe64ce95242de58e075e8f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/icodec: fix integer overflow with nb_pal
Michael Niedermayer [Sun, 3 Nov 2024 10:07:27 +0000 (11:07 +0100)]
avformat/icodec: fix integer overflow with nb_pal

Fixes: runtime error: signed integer overflow
Fixes: 42536949/clusterfuzz-testcase-minimized-fuzzer_loadfile-6199846684393472
Found-by: ossfuzz
Reported-by: Kacper Michajlow
Tested-by: Kacper Michajlow
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 84569b6c22cb4eda9c682aabeb5f658112126780)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - doc/developer: Document relationship between git accounts and MAINTAINERS
Michael Niedermayer [Sat, 16 Nov 2024 20:32:53 +0000 (21:32 +0100)]
doc/developer: Document relationship between git accounts and MAINTAINERS

This should have been documented long ago and I thought it was

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7051825b0171bd5d566c5a5cc78852c5f3aa3072)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/ilbc: Check avio_read() for failure
Michael Niedermayer [Sun, 3 Nov 2024 19:47:07 +0000 (20:47 +0100)]
avformat/ilbc: Check avio_read() for failure

Fixes: use of uninitialized value
Fixes: 42537627/clusterfuzz-testcase-minimized-fuzzer_protocol_memory-6656646223298560-cut

Found-by: ossfuzz
Reported-by: Kacper Michajlow
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e30d957a9bacf7f7307c640aa0bd1e70cb3bbe7e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/nistspheredec: Clear buffer
Michael Niedermayer [Sun, 3 Nov 2024 19:43:21 +0000 (20:43 +0100)]
avformat/nistspheredec: Clear buffer

Fixes: use-of-uninitialized-value
Fixes: 42537627/clusterfuzz-testcase-minimized-fuzzer_protocol_memory-6515855798632448-cut

Found-by: ossfuzz
Reported-by: Kacper Michajlow
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 898f6582eb51bf77b1f88e8f55eab67ee6ee13b8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - INSTALL: explain the circular dependency issue and solution
Michael Niedermayer [Sat, 2 Nov 2024 17:23:50 +0000 (18:23 +0100)]
INSTALL: explain the circular dependency issue and solution

Sponsored-by: Sovereign Tech Fund
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit df00705e0010cc2c53d17d51944f847c2c852189)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/mpegts: Initialize predefined_SLConfigDescriptor_seen
Michael Niedermayer [Wed, 9 Oct 2024 21:44:00 +0000 (23:44 +0200)]
avformat/mpegts: Initialize predefined_SLConfigDescriptor_seen

Fixes: use of uninitialized variable
Fixes: 368729566/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGTS_fuzzer-6044501804646400

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit db7b4fc89fb18d5ff0a1426bd433c234555a3fff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/rangecoder: only perform renorm check/loop for callers that need it
Michael Niedermayer [Wed, 16 Oct 2024 12:39:20 +0000 (14:39 +0200)]
avcodec/rangecoder: only perform renorm check/loop for callers that need it

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d147b3d7ecba2bd40cb45284f920238da97a95ee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/ffv1dec: Fix end computation with ec=2
Michael Niedermayer [Thu, 10 Oct 2024 18:39:23 +0000 (20:39 +0200)]
avcodec/ffv1dec: Fix end computation with ec=2

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 10e5af15bf220d9da128ca12d2d474ff6ab0076e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/ffv1enc: Prevent generation of files with broken slices
Michael Niedermayer [Tue, 1 Oct 2024 20:06:40 +0000 (22:06 +0200)]
avcodec/ffv1enc: Prevent generation of files with broken slices

Fixes: Ticket5548

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b7ff66a35804275b25c1176cad560540785e8750)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/matroskadec: Check desc_bytes so bits fit in 64bit
Michael Niedermayer [Sun, 28 Jul 2024 20:08:23 +0000 (22:08 +0200)]
avformat/matroskadec: Check desc_bytes so bits fit in 64bit

Likely a tighter check can be done

Fixes: signed integer overflow: 3305606804154370442 * 8 cannot be represented in type 'long'
Fixes: 70449/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-4771166007918592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c4122406f6d2726aea833480a2a8e345833dd881)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/ffv1enc: Correct error message about unsupported version
Michael Niedermayer [Tue, 1 Oct 2024 20:04:58 +0000 (22:04 +0200)]
avcodec/ffv1enc: Correct error message about unsupported version

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 556c767786e9e3c072f7666d60a68a31a3400438)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/ffv1enc: Slice combination is unsupported
Michael Niedermayer [Fri, 6 Oct 2023 20:23:33 +0000 (22:23 +0200)]
avcodec/ffv1enc: Slice combination is unsupported

We always write minimal slices, the size calculation is wrong in some
corner cases but as it's always 1x1 (minus1) we can for now just hard-code it

This helps with ticket 5548

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7d514655bfa47c6e5cc1b81fbba8e750e368036e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/ffv1enc: 2Pass mode is not possible with golomb coding
Michael Niedermayer [Mon, 30 Sep 2024 21:42:50 +0000 (23:42 +0200)]
avcodec/ffv1enc: 2Pass mode is not possible with golomb coding

"Fixes" Ticket7063

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 417b163c00555ccda201a963e797bfa663a26ff5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/ffv1enc: Fix >8bit context size
Michael Niedermayer [Tue, 24 Sep 2024 21:43:09 +0000 (23:43 +0200)]
avcodec/ffv1enc: Fix >8bit context size

Fixes: Ticket5405

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a9c83e43f2fc9128e20851291b0270add1a6b95f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/xan: Add basic input size check
Michael Niedermayer [Sun, 22 Sep 2024 21:15:35 +0000 (23:15 +0200)]
avcodec/xan: Add basic input size check

Fixes: Timeout
Fixes: 71739/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XAN_WC3_fuzzer-6170301405134848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpe
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 56bef2fd58d0ed30dbe940083c30ada2b0404491)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/svq3: Check for minimum size input
Michael Niedermayer [Sun, 22 Sep 2024 18:31:58 +0000 (20:31 +0200)]
avcodec/svq3: Check for minimum size input

Fixes: Timeout
Fixes: 71295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-4999941125111808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 050b5e85cbe61414ba9b78f76a04b2488e816f42)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/jfdctint_template: use unsigned z* in row_fdct()
Michael Niedermayer [Thu, 19 Sep 2024 19:57:09 +0000 (21:57 +0200)]
avcodec/jfdctint_template: use unsigned z* in row_fdct()

Fixes: signed integer overflow: 856827136 + 2123580416 cannot be represented in type 'int'
Fixes: 70772/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PRORES_KS_fuzzer-5180569961431040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f27c8b04d3059fa538db8f2db6503cbb586eb3ad)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/mxfdec: More offset_temp checks
Michael Niedermayer [Thu, 12 Sep 2024 20:29:04 +0000 (22:29 +0200)]
avformat/mxfdec: More offset_temp checks

Fixes: signed integer overflow: 9223372036854775807 - -1927491430256034080 cannot be represented in type 'long'
Fixes: 70607/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5282235077951488

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <git@haerdin.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5a96aa435af0d66bdec52ee115cf4dd971855fcd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - swscale/output: Fix undefined integer overflow in yuv2rgba64_2_c_template()
Michael Niedermayer [Thu, 12 Sep 2024 20:51:53 +0000 (22:51 +0200)]
swscale/output: Fix undefined integer overflow in yuv2rgba64_2_c_template()

Fixes: signed integer overflow: -1082982400 + -1083218484 cannot be represented in type 'int'
Fixes: 70657/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6707819712675840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bd80c97391969f9dbb312d6c498211ad85bb67cb)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - swscale/swscale: Use unsigned operation to avoid undefined behavior
Michael Niedermayer [Thu, 12 Sep 2024 18:08:42 +0000 (20:08 +0200)]
swscale/swscale: Use unsigned operation to avoid undefined behavior

I have not checked that the constant is correct, this just fixes the undefined behavior

Fixes: signed integer overflow: -646656 * 3517 cannot be represented in type 'int
Fixes: 70559/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-5209368631508992

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 44c5641ae82387fcfce94820f5b53ce8e9dcd27f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/vc2enc: basic sanity check on slice_max_bytes
Michael Niedermayer [Thu, 12 Sep 2024 18:03:55 +0000 (20:03 +0200)]
avcodec/vc2enc: basic sanity check on slice_max_bytes

Fixes: left shift of 896021632 by 3 places cannot be represented in type 'int'
Fixes: 70544/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC2_fuzzer-6685593652756480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6df9a0292ca6c29ef3b220fbf9b257924cabf035)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/wmavoice: Do not use uninitialized pitch[0]
Michael Niedermayer [Wed, 14 Aug 2024 22:37:04 +0000 (00:37 +0200)]
avcodec/wmavoice: Do not use uninitialized pitch[0]

Fixes: use of uninitialized value
Fixes: 70850/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMAVOICE_fuzzer-4806127362048000

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 53387079301690f1bd38b97fdf31d63194201d17)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/apetag: Check APETAGEX
Michael Niedermayer [Mon, 19 Aug 2024 15:02:12 +0000 (17:02 +0200)]
avformat/apetag: Check APETAGEX

Fixes: Use of uninitialized value
Fixes: 71074/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5697034877730816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 796ff2d599449ed798b69ab798ebcbcc0a5853f5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/avcodec: Warn about data returned from get_buffer*()
Michael Niedermayer [Fri, 16 Aug 2024 23:11:50 +0000 (01:11 +0200)]
avcodec/avcodec: Warn about data returned from get_buffer*()

Text based on suggestion by: epirat07@gmail.com
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 93444c46fce195e378c4ebb1a20ea662e7f0123b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/aic: Clear slice_data
Michael Niedermayer [Sun, 4 Aug 2024 20:30:03 +0000 (22:30 +0200)]
avcodec/aic: Clear slice_data

Fixes: use-of-uninitialized-value
Fixes: 70865/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-4874102695854080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit de3f6c8888bcf3df4ca6cb265a83507b95c884cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avcodec/shorten: clear padding
Michael Niedermayer [Sun, 4 Aug 2024 20:10:48 +0000 (22:10 +0200)]
avcodec/shorten: clear padding

Fixes: use-of-uninitialized-value
Fixes: 70854/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5533480570650624

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e44349ee88418ac16051bbc9231c1bfdc25d3504)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/mpeg: Check an avio_read() for failure
Michael Niedermayer [Sun, 4 Aug 2024 19:27:44 +0000 (21:27 +0200)]
avformat/mpeg: Check an avio_read() for failure

Fixes: use-of-uninitialized-value
Fixes: 70849/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGPS_fuzzer-4684401009557504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 66ee75d76ce56a3553a99d67e74b8a9970c18f5b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago - avformat/segafilm: Set keyframe
Michael Niedermayer [Tue, 6 Aug 2024 16:02:58 +0000 (18:02 +0200)]
avformat/segafilm: Set keyframe

Fixes: use of uninitialized value
Fixes: 70871/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-5883617752973312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4dc7dfe65aaa21801a907c66592b92b05da921dc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/dxva2: initialize hr in ff_dxva2_common_end_frame()
Michael Niedermayer [Sun, 26 May 2024 20:33:11 +0000 (22:33 +0200)]
avcodec/dxva2: initialize hr in ff_dxva2_common_end_frame()

Related: CID1591924 Uninitialized scalar variable
Related: CID1591938 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1d6a2aebae202652feb5964a2d62bdba4e5cc6e4)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/dxva2: initialize validate
Michael Niedermayer [Sun, 26 May 2024 20:28:04 +0000 (22:28 +0200)]
avcodec/dxva2: initialize validate

Related: CID1591915 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2232c4cc8c3d64dec4e4399b58e057f5dbb9ff98)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/dxva2: Initialize ConfigBitstreamRaw
Michael Niedermayer [Sun, 26 May 2024 20:23:16 +0000 (22:23 +0200)]
avcodec/dxva2: Initialize ConfigBitstreamRaw

Related: CID1591894 Uninitialized scalar variable
Related: CID1591906 Uninitialized scalar variable

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 489c05b9c3ea7d856b7a81abce247721b3b3d6e8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/dxva2: Initialize dxva_size and check it
Michael Niedermayer [Sun, 26 May 2024 20:13:28 +0000 (22:13 +0200)]
avcodec/dxva2: Initialize dxva_size and check it

Related: CID1591878 Uninitialized scalar variable
Related: CID1591928 Uninitialized pointer read

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c8c59e99295f9ef572b5d6f0fd9075bb2b79acbd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/lmlm4: Eliminate some AVERROR(EIO)
Michael Niedermayer [Sat, 13 Jul 2024 07:16:48 +0000 (09:16 +0200)]
avformat/lmlm4: Eliminate some AVERROR(EIO)

Found by code review related to CID732224 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 191a685010319cb0d248771574c7c61d76e4eb95)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/wtvdec: Check length of read mpeg2_descriptor
Michael Niedermayer [Tue, 6 Aug 2024 22:18:53 +0000 (00:18 +0200)]
avformat/wtvdec: Check length of read mpeg2_descriptor

Fixes: Use of uninitialized value
Fixes: 70900/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6286909377150976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c390234da2e3c7a8884f5592f0b9b4928c482b3e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/wtvdec: clear sectors
Michael Niedermayer [Tue, 6 Aug 2024 22:18:51 +0000 (00:18 +0200)]
avformat/wtvdec: clear sectors

The code can leave uninitialized holes in the array.
Fixes: use of uninitialized values
Fixes: 70883/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6698694567591936

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit c95ea0310468e0a0906fa7d590ff7406c39d6991)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/parser: ensure input padding is zeroed
Kacper Michajłow [Thu, 27 Jun 2024 00:40:35 +0000 (02:40 +0200)]
avcodec/parser: ensure input padding is zeroed

Fixes use of uninitialized value, reported by MSAN.

Found by OSS-Fuzz.

Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
Fixes: 70852/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5179190066872320
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5dfc0cc84129758b4eab2acdc3e186c3116deacd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/img2dec: Clear padding data after EOF
Michael Niedermayer [Sun, 4 Aug 2024 20:00:35 +0000 (22:00 +0200)]
avformat/img2dec: Clear padding data after EOF

Fixes: use-of-uninitialized-value
Fixes: 70852/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5179190066872320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Kacper Michajlow <kasper93@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3978e81809a3daf278199849f7bbeacbffb9fa09)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/wavdec: Check if there are 16 bytes before testing them
Michael Niedermayer [Sat, 3 Aug 2024 17:45:15 +0000 (19:45 +0200)]
avformat/wavdec: Check if there are 16 bytes before testing them

Fixes: use-of-uninitialized-value
Fixes: 70839/clusterfuzz-testcase-minimized-ffmpeg_dem_W64_fuzzer-5212907590189056

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 79a1cf30d1289f90da682263ba160f6e4a5a7bf1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/snow: Fix off by 1 error in run_buffer
Michael Niedermayer [Wed, 31 Jul 2024 19:43:39 +0000 (21:43 +0200)]
avcodec/snow: Fix off by 1 error in run_buffer

Fixes: out of array access
Fixes: 70741/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5703668010647552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 06f5ed40f8fceb2542add052c57608121eda2f41)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/utils: apply the same alignment to YUV410 as we do to YUV420 for snow
Michael Niedermayer [Mon, 17 Jun 2024 11:31:02 +0000 (13:31 +0200)]
avcodec/utils: apply the same alignment to YUV410 as we do to YUV420 for snow

The snow encoder uses block based motion estimation which can read out of array if
insufficient alignment is used

It may be better to only apply this for the encoder, as it would save a few bytes of memory
for the decoder. Until then, this fixes the issue in a simple way.

Fixes: out of array access
Fixes: 68963/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-4979988435632128
Fixes: 68969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-6239933667803136.fuzz
Fixed: 70497/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5751882631413760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 58fbeb59e74ac9a4ca81e9bc44141abcbff8ab6d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/vaapi_encode: Check hwctx
Michael Niedermayer [Fri, 19 Jul 2024 20:29:15 +0000 (22:29 +0200)]
avcodec/vaapi_encode: Check hwctx

Fixes: null pointer dereference
Fixes: 70376/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_VAAPI_fuzzer-4733551250046976

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3cd077e2820679e8b9f8eb10954b4f5701191c48)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/proresdec: Consider negative bits left
Michael Niedermayer [Fri, 19 Jul 2024 17:21:41 +0000 (19:21 +0200)]
avcodec/proresdec: Consider negative bits left

Fixes: 70036/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PRORES_fuzzer-6298797647396864
Fixes: shift exponent 40 is too large for 32-bit type 'uint32_t' (aka 'unsigned int')

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 419eee63565f81aca67b29582297841c59deaab8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/hevc/hevcdec: Do not allow slices to depend on failed slices
Michael Niedermayer [Sun, 23 Jun 2024 21:17:24 +0000 (23:17 +0200)]
avcodec/hevc/hevcdec: Do not allow slices to depend on failed slices

An alternative would be to leave the context unchanged on failure of hls_slice_header()

Fixes: out of array access
Fixes: NULL pointer dereference
Fixes: 69584/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5931086299856896
Fixes: 69724/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5104066422702080
Fixes: 70422/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5908731129298944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 5d9544cfb03d8597aa2b0037def3a4679949cec6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avutil/slicethread: Check pthread_*_init() for failure
Michael Niedermayer [Thu, 11 Jul 2024 21:27:34 +0000 (23:27 +0200)]
avutil/slicethread: Check pthread_*_init() for failure

Fixes: CID1604383 Unchecked return value
Fixes: CID1604439 Unchecked return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 23851c9ee0f231122c58955e795e17cfe8ca5d98)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avutil/frame: Check log2_crop_align
Michael Niedermayer [Thu, 11 Jul 2024 21:04:42 +0000 (23:04 +0200)]
avutil/frame: Check log2_crop_align

Fixes: CID1604586 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 15540b3d28676d5e797764a04f6681dcd01736f8)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avutil/buffer: Check ff_mutex_init() for failure
Michael Niedermayer [Thu, 11 Jul 2024 20:55:31 +0000 (22:55 +0200)]
avutil/buffer: Check ff_mutex_init() for failure

Fixes: CID1604487 Unchecked return value
Fixes: CID1604494 Unchecked return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 82f5b20ff5be4fccbf42f4b90f155db0076c0462)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/xmv: Check this_packet_size
Michael Niedermayer [Thu, 11 Jul 2024 20:37:54 +0000 (22:37 +0200)]
avformat/xmv: Check this_packet_size

Fixes: CID1604489 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 696685df0ccf437083d15f40358a6ec86f5748ac)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/tty: Check avio_size()
Michael Niedermayer [Thu, 11 Jul 2024 19:05:20 +0000 (21:05 +0200)]
avformat/tty: Check avio_size()

Fixes: CID1220824 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 41745e550a0274571bd9fbfb12b36ff1743d4e9c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/siff: Basic pkt_size check
Michael Niedermayer [Thu, 11 Jul 2024 18:58:21 +0000 (20:58 +0200)]
avformat/siff: Basic pkt_size check

Fixes: half of CID1258461 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 124a97dd8b7636fb52e042b2e85a44cce40ab5e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/sauce: Check avio_size() for failure
Michael Niedermayer [Thu, 11 Jul 2024 18:49:08 +0000 (20:49 +0200)]
avformat/sauce: Check avio_size() for failure

Fixes: CID1604592 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 759aae590c0298414db4d2925a33b084d7f9e7f9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/sapdec: Check ffurl_get_file_handle() for error
Michael Niedermayer [Thu, 11 Jul 2024 18:44:45 +0000 (20:44 +0200)]
avformat/sapdec: Check ffurl_get_file_handle() for error

Fixes: CID1604506 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 3e305a0e703843765d4dd7042092c3a38c0f97af)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/nsvdec: Check asize for PCM
Michael Niedermayer [Thu, 11 Jul 2024 18:29:10 +0000 (20:29 +0200)]
avformat/nsvdec: Check asize for PCM

Fixes: CID1604527 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit e83e24650489e63f6b31e8c72a973db6367947b9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/mp3dec: Check header_filesize
Michael Niedermayer [Thu, 11 Jul 2024 18:20:53 +0000 (20:20 +0200)]
avformat/mp3dec: Check header_filesize

Fixes: CID1608714 Division or modulo by float zero

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cea4dbc903eaf8cb7a4ea53b281deff495ff8fa0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/mp3dec; Check for avio_size() failure
Michael Niedermayer [Thu, 11 Jul 2024 18:17:00 +0000 (20:17 +0200)]
avformat/mp3dec; Check for avio_size() failure

Fixes: CID1608710 Improper use of negative value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bb936a1a720856a51c48bf907475daa8065920c9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/mov: Use 64bit for str_size
Michael Niedermayer [Thu, 11 Jul 2024 18:03:45 +0000 (20:03 +0200)]
avformat/mov: Use 64bit for str_size

We assign a 64bit variable to it before checking

Fixes: CID1604544 Overflowed integer argument

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 046d069552f5c2824f36fcf95d409670208dc94b)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/mm: Check length
Michael Niedermayer [Thu, 11 Jul 2024 17:29:14 +0000 (19:29 +0200)]
avformat/mm: Check length

Fixes: CID1220824 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 139bf412464e62a83984cd49093936dcaa7a0865)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/hnm: Check *chunk_size
Michael Niedermayer [Thu, 11 Jul 2024 16:40:46 +0000 (18:40 +0200)]
avformat/hnm: Check *chunk_size

Fixes: CID1604419 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 291356f58b8a1af491c692a89e6c4e70e9496f9d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avformat/asfdec_o: Check size of index object
Michael Niedermayer [Thu, 11 Jul 2024 15:38:08 +0000 (17:38 +0200)]
avformat/asfdec_o: Check size of index object

We subtract 24 so it must be at least 24

Fixes: CID1604482 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 891bc070f0294e564a02f9a71f6591b6a62c90cc)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago swscale/output: Fix integer overflows in yuv2rgba64_X_c_template
Michael Niedermayer [Tue, 16 Jul 2024 21:44:04 +0000 (23:44 +0200)]
swscale/output: Fix integer overflows in yuv2rgba64_X_c_template

Fixes: signed integer overflow: -1082982400 + -1068681048 cannot be represented in type 'int'
Fixes: 69995/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6285740271534080

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit bcab9789ef750670277956e79736bca442aec2ff)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/utvideoenc: Use unsigned shift to build flags
Michael Niedermayer [Wed, 19 Jun 2024 21:55:01 +0000 (23:55 +0200)]
avcodec/utvideoenc: Use unsigned shift to build flags

Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 69083/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_UTVIDEO_fuzzer-5608202363273216

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 69e90491f15d8eef643f8dfd1b75805829496678)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/vc2enc: Fix overflows with storing large values
Michael Niedermayer [Mon, 17 Jun 2024 20:43:22 +0000 (22:43 +0200)]
avcodec/vc2enc: Fix overflows with storing large values

Fixes: left shift of 1431634944 by 2 places cannot be represented in type 'int'
Fixes: left shift of 1073741824 by 1 places cannot be represented in type 'int'
Fixes: 69061/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC2_fuzzer-6325700826038272

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit af9935835335cae1ae5a4ec7fc14c1b5e25c1f2d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/mpegvideo_enc: Do not duplicate pictures on shifting
Michael Niedermayer [Wed, 19 Jun 2024 22:44:08 +0000 (00:44 +0200)]
avcodec/mpegvideo_enc: Do not duplicate pictures on shifting

Fixes: out of array access
Fixes: 69098/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG2VIDEO_fuzzer-6107989688778752
Fixes: 69599/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-4848626296225792.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9c8881cb3534b257d6e6539f563006599cd96b48)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avdevice/dshow: Check device_filter_unique_name before use
Michael Niedermayer [Sun, 26 May 2024 23:52:24 +0000 (01:52 +0200)]
avdevice/dshow: Check device_filter_unique_name before use

Fixes: CID1591931 Explicit null dereferenced

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 175c19166824bd93b02f60c5178365014212366e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avdevice/dshow_filter: Use wcscpy_s()
Michael Niedermayer [Sun, 26 May 2024 23:34:48 +0000 (01:34 +0200)]
avdevice/dshow_filter: Use wcscpy_s()

Fixes: CID1591929 Copy into fixed size buffer

Sponsored-by: Sovereign Tech Fund
Reviewed-by: Roger Pack <rogerdpack@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit daf61dddc8e27424c320d5c3abe3e0c5182cd5c0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/flac_parser: Assert that we do not overrun the link_penalty array
Michael Niedermayer [Sat, 4 May 2024 23:51:59 +0000 (01:51 +0200)]
avcodec/flac_parser: Assert that we do not overrun the link_penalty array

Helps: CID1454676 Out-of-bounds read

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9af348bd1aa41ea10d6719c56ed2b4eda97642f3)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/pixlet: Simplify pfx computation
Michael Niedermayer [Fri, 5 Jul 2024 00:21:56 +0000 (02:21 +0200)]
avcodec/pixlet: Simplify pfx computation

Found by reviewing code related to CID1604365 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0474614e6cf8edcd0077b95772c29fae894a7db9)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/motion_est: Fix score squaring overflow
Michael Niedermayer [Fri, 5 Jul 2024 00:21:55 +0000 (02:21 +0200)]
avcodec/motion_est: Fix score squaring overflow

Fixes: CID1604552 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f18b442370d714b930e3e983c2e5d789229f3356)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/loco: Check loco_get_rice() for failure
Michael Niedermayer [Fri, 5 Jul 2024 00:21:52 +0000 (02:21 +0200)]
avcodec/loco: Check loco_get_rice() for failure

Fixes: CID1604495 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d55327684349b4db5d5905eefaa7d2aec597908d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/loco: check get_ur_golomb_jpegls() for failure
Michael Niedermayer [Fri, 5 Jul 2024 00:21:51 +0000 (02:21 +0200)]
avcodec/loco: check get_ur_golomb_jpegls() for failure

Fixes: CID1604400 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b9899866418cb3bd930846271470e3096917f5f6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
11 months ago avcodec/iff: Use signed count
Michael Niedermayer [Fri, 5 Jul 2024 00:21:48 +0000 (02:21 +0200)]
avcodec/iff: Use signed count

This is more a style fix than a bugfix (CID1604392 Overflowed constant)

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit cfe66dfebb8a1e1394bcf834b6cc785f280ccecf)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>